Botnet

Follow
Dramatic server room scene illustrating the SSHStalker Linux botnet infecting thousands of vulnerable servers via SSH exploits.
Image generated by AI

Researchers discover SSHStalker botnet infecting Linux servers

Reported by AI Image generated by AI

Flare researchers have identified a new Linux botnet called SSHStalker that has compromised around 7,000 systems using outdated exploits and SSH scanning. The botnet employs IRC for command-and-control while maintaining dormant persistence without immediate malicious activities like DDoS or cryptomining. It targets legacy Linux kernels, highlighting risks in neglected infrastructure.

SSHStalker botnet uses IRC to target Linux servers

A new Linux botnet named SSHStalker is exploiting cloud servers for profit by employing the ancient IRC protocol. It targets Linux servers through automated scans, cron jobs, and IRC communications. The operation revives old-school methods to cut costs, as reported by TechRadar.

New Linux botnet SSHStalker uses IRC for command-and-control

Reported by AI

Researchers have identified a new Linux botnet called SSHStalker that relies on the outdated IRC protocol for its command-and-control operations. The botnet spreads through SSH scanning and brute-forcing, targeting cloud infrastructure. It incorporates old vulnerabilities and persistence mechanisms for broad infection.

January 12, 2026 01:03

Gobruterforcer botnet targets Linux servers with brute-force attacks

January 07, 2026 09:35

Gobruteforcer botnet targets Linux servers worldwide

November 19, 2025 16:43

New botnet hijacks Ray clusters for crypto mining

October 19, 2025 00:19

Massive 6Tbps DDoS attack hits gaming hosting provider

This website uses cookies

We use cookies for analytics to improve our site. Read our privacy policy for more information.
Decline